Comptia (CS0-002) Exam Questions And Answers page 4
An organization recently discovered a malware sample on an internal server. IoCs showed the malware sample was running on port 27573. The incident response team successfully removed the malware from the server, but the organization is now concerned about other instances of the malware being installed on another server. The following network traffic was captured after the known malware was assumed to be eradicated:
Which of the following can the organization conclude?
Only the server at 192.168.1.103 has an indication of a possible compromise.
Only the server at 192.168.1.104 has an indication of a possible compromise.
Both servers 192.168.1.101 and 192.168.1.134 indicate a possible compromise.
The server at 192.168.1.134 is exfiltrating data in 25KB files to servers throughout the organization.
Cyber Incident Response
Cybersecurity Tool Sets
A threat intelligence analyst has received multiple reports that are suspected to be about the same advanced persistent threat. To which of the following steps in the intelligence cycle would this map?
Dissemination
Analysis
Feedback
Requirements
Collection
Threat Management
A Chief Information Security Officer (CISO) is concerned developers have too much visibility into customer data. Which of the following controls should be implemented to BEST address these concerns?
Data masking
Data loss prevention
Data minimization
Data sovereignty
Threat Management
Compliance and Assessment
While preparing for an audit of information security controls in the environment, an analyst outlines a framework control that has the following requirements:
• All sensitive data must be classified.
• All sensitive data must be purged on a quarterly basis.
• Certificates of disposal must remain on file for at least three years.
This framework control is MOST likely classified as:
prescriptive
risk-based
preventive
corrective
Compliance and Assessment
A security analyst reviews a recent network capture and notices encrypted inbound traffic on TCP port 465 was coming into the company's network from a database server. Which of the following will the security analyst MOST likely identify as the reason for the traffic on this port?
The server is configured to communicate on the secure database listener port.
Someone has configured an unauthorized SMTP application over SSL
A connection from the database to the web front end is communicating on the port
The server is receiving a secure connection using the new TLS 1.3 standard
Security Architecture and Tool Sets
Compliance and Assessment
A general contractor has a list of contract documents containing critical business data that are stored at a public cloud provider. The organization's security analyst recently reviewed some of the storage containers and discovered most of the containers are not encrypted. Which of the following configurations will provide the MOST security to resolve the vulnerability?
Upgrading TLS 1.2 connections to TLS 1.3
Implementing AES-256 encryption on the containers
Enabling SHA-256 hashing on the containers
Implementing the Triple Data Encryption Algorithm at the file level
Threat Management
Cybersecurity Tool Sets
A developer wrote a script to make names and other PII data unidentifiable before loading a database export into the testing system. Which of the following describes the type of control that is being used?
Data loss prevention
Data encoding
Data masking
Data classification
Cybersecurity Tool Sets
Compliance and Assessment
A security analyst is investigating a compromised Linux server. The analyst issues the ps command and receives the following output:
Which of the following commands should the administrator run NEXT to further analyze the compromised system?
strace /proc/1301
rpm -V openssh-server
/bin/ls -l /proc/1301/exe
kill -9 1301
Security Operations and Monitoring
A security analyst for a large financial institution is creating a threat model for a specific threat actor that is likely targeting an organization's financial assets.
Which of the following is the BEST example of the level of sophistication this threat actor is using?
Social media accounts attributed to the threat actor
Custom malware attributed to the threat actor from prior attacks
Email addresses and phone numbers tied to the threat actor
Network assets used in previous attacks attributed to the threat actor
IP addresses used by the threat actor for command and control
Threat Management
A security analyst is reviewing the following log entries to identify anomalous activity:
Which of the following attack types is occurring?
Directory traversal
SQL injection
Buffer overflow
Cross-site scripting
Security Operations and Monitoring